Fraudblock is a Shopify eCommerce fraud prevention app that automatically cancels high-risk orders. We sat down with owner and CEO Nick Fischer to discuss a number of unique topics for Shopify merchants to consider including how merchants can accidentally fill known fraudulent orders, the relationship between inventory and fraud, and more.
1. Many merchants starting out on Shopify are new sellers who get caught off-guard by fraud. What are some of the most common mistakes you see these merchants making? Are there any ‘quick win’ changes they can make to make a dent in the problem right away?
Absolutely, I see this all the time, unfortunately – and it’s understandable: Merchants spend a lot of time making their store look great, curating or even manufacturing awesome products, and generating buzz for their launch – fraud is probably not something that even enters their mind during this phase, but it’s an unfortunate reality of the eCommerce landscape and sellers should be prepared to deal with it.
Some “quick wins” that I always recommend to merchants who are just starting out is to make use of Shopify’s built-in protection mechanisms, which are often turned off by default: In your Shopify backend, go into your payment provider settings and make sure that “CVV verification” and “ZIP verification” is turned on.
This will match the customer’s billing address ZIP code to the ZIP that’s linked to their credit card, which already takes care of a surprising percentage of fraudulent order attempts.
2. What do you find are the most important things for merchants to keep in mind to prevent eCommerce fraud when selling on Shopify?
One thing to note is that fraudsters are often willing to do anything it takes to trick you – unsuspecting merchants see the “high risk” warning from Shopify and their first impulse is often to reach out to the customer to ask for additional verification, like a copy of an utility bill or a driver’s license. The problem here is that these can easily be forged, as well, even with just basic Photoshop skills.
What I’ve found is that the best course of action almost always is to simply cancel the order and move on – spending an excess amount of time on a potentially fraudulent order doesn’t actually provide any certainty that the order is legitimate and more often than not will lead to an additional chargeback fee.
This is why FraudBlock automatically cancels, refunds, and restocks orders that Shopify has deemed to be “high risk”, thus avoiding potential chargeback fees and the hassle of manually dealing with the fraudsters.
3. One interesting feature of FraudBlock is that it ‘saves you from accidentally fulfilling fraudulent orders’. I think a lot of merchants would be surprised to hear that’s even possible. How does something like that happen?
Shopify marks “high risk” orders in red within the merchant’s order backend. If you’re dealing with lots of orders (and are thus batch-printing shipping labels and pick lists) or if you’ve got automation flows set up, you may never spot the “fraud” classification.
For example, some dropshipping merchants automatically route new orders to their fulfillment provider, and some merchants offering custom printed products like t-shirts or mugs auto-push their incoming orders to a third-party print shop – these automation flows are great for legitimate orders, but can let fraudulent orders slip through the cracks.
FraudBlock automatically cancels incoming fraudulent orders immediately, which stops all further manual or automatic processing steps in their tracks.
4. You write that FraudBlock reviews orders ‘based on Shopify’s fraud analysis’. What are some of the factors or indicators you take into consideration?
FraudBlock relies on Shopify’s excellent risk classification system to do the heavy lifting. It considers factors such as the CVV, how many payment attempts there were (multiple card declines, for example), the distance between the user’s current location (based on their IP address) to the shipping address, whether the billing address country matches the user’s current location, and other tell-tale signs of fraud relating to the IP address of the user (such as using a web proxy or a VPN connection).
5. At the same time, FraudBlock is an add-on to Shopify’s existing anti-fraud mechanisms. Where do you think Shopify’s native capabilities fall short?
Shopify’s native fraud analysis is actually very good – they see millions of orders across their entire ecosystem every day, and can use this vast amount of data to spot fraudsters before they even land on your store. This gives Shopify an edge over self-hosted solutions like WooCommerce, where every store is its own little island.
However, while Shopify is great at spotting fraud, they just alert the merchant and don’t actually act on their determination, so you still need to manually comb through orders to spot and cancel fraudulent ones.
6. How does FraudBlock work to strike a balance between chargeback prevention and preventing false positive declines on Shopify?
That’s a great question! Shopify actually has multiple risk categories: low risk, medium risk, and high risk. Medium risk orders are ones that are relatively easy to investigate manually – usually, they’re genuine orders, where the customer simply made a typo in their billing details, for example.
If Shopify classifies an order as “high risk”, it’s because they’ve spotted a definite sign of fraud. FraudBlock only cancels “high risk” orders, not medium risk ones. That way, we’re able to reduce the number of chargebacks, while keeping the rate of false positive declines low.
7. FraudBlock automatically deals with inventory issues stemming from fraud. Can you take us through the relationship between inventory and fraud? What problems will merchants run into if they neglect this aspect of fraud prevention?
This is definitely an issue that is often overlooked, because on the surface, you wouldn’t immediately connect fraud with inventory issues. When a customer places an order, Shopify (like most eCommerce platforms) removes the ordered items from your available stock (because you can obviously only ship the same item once).
In the case of fraudulent orders, this means that the items ordered by the scammer can often be stuck in limbo for days or weeks while you’re dealing with the fraudster, potentially preventing legitimate customers from ordering this item (if you’re low on stock or sell unique items).
By automatically restocking the ordered items when cancelling a fraudulent order, FraudBlock immediately allows other, legitimate customers to order the item again – without the merchant’s intervention.
8. Moving on to payments, FraudBlock will automatically void or refund a customer’s payment. What happens when merchants forget to void payments after cancelling an order?
This is actually the biggest issue with fraudulent orders – simply doing nothing (or waiting for the fraudster to provide additional evidence that they’re legit) can actually bite you: If you wait too long after receiving a potentially fraudulent order, the real owner of the credit card will usually spot the charge on their credit card statement, contact their credit card provider, and file a chargeback, meaning that you’ll not only be out of the money that the fraudster paid to you, but also usually have to eat chargeback fees, adding insult to injury!
And it’s not just the fee itself – each chargeback negatively impacts your “standing” with your payments provider, and if a merchant receives a lot of chargebacks, the provider might actually kick them off their platform. That’s why FraudBlock automatically voids or refunds a payment once a fraudulent order comes in, which nips any potential chargeback issues in the bud.
9. If you could give any one piece of advice to Shopify merchants regarding fraud, what would it be?
All too often, I see merchants who are goaded into spending an excess amount of time investigating high risk orders – fraudsters often place large orders, so it’s understandable that merchants want the order to be real, but this can sometimes lead them to throwing caution into the wind.
Especially if you receive a large number of orders, my advice would be to act swiftly and decisively in the face of suspected fraud. Usually, it’s not worth it to manually follow up with the customer to try to verify the legitimacy of the order – simply cancel the order and move on.